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Disclaimer 


e This presentation is provided for training purposes and does 
not form part of the formal legal and regulatory requirements 
of the HKMA. 


e The HKMA is the owner of the copyright and any other rights 
in the PowerPoint materials of this presentation. Such 
materials may not be reproduced for or distributed to third 
parties, or used for commercial purposes, without the HKMA’s 
prior written consent. 


e The cases or examples provided in this presentation might be 
prepared on the basis of synthesis of multiple cases, and 
certain relevant details might have been omitted. 
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Objectives 


e Clarify Als’ understanding of the requirement 
e Assist Als to better understand, manage and mitigate risk and 
apply a Risk-based Approach 
— Supports other ongoing work streams 
— Means by which greater flexibility is provided to Als 
e Understand barriers and share industry best practices 
e Identify need for any future work 
e No objective to either tighten or relax how this requirement is 
implemented 


— consistent understanding and consideration of risk is the key takeaway 
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Why Collect SOW? 


e Part of a range of KYC measures which seek to address 
the ML risks that arise in wealth management 
— Acting for another, family member of corrupt official etc. 
e Al should not focus design of controls simply to meet 
regulatory requirements 


Objective should be based on fact this information drives risk 
process 


KYC background information goes beyond a single AML control 


Informs monitoring, ability to spot what is not right 


Helps to drive private WM customer relationship, better 
understand needs, provision of better service 


saraka °° ° 
Source of Wealth (SOW) defined 


e The Source of Wealth refers to the origin of the entire body of 
wealth (i.e. total assets) 
— This information will usually give an indication as to the volume of 


wealth the customer would be expected to have, and a picture of how 
the customer acquired such wealth 


— Although Als may not have specific information about assets not 
deposited or processed by them, it may be possible to gather general 
information from commercial databases or other open sources 


Source: FATF Guidance on Politically Exposed Persons, Para. 86-88 


saraka °° ° 
Source of Fund (SOF) defined 


e The Source of Funds refers to the origin of the particular funds 
or assets which are the subject of the business relationship 
between the customer of the Al (e.g. the amount being 
invested, deposited or remitted) 


— Easier to obtain than SOW but this is not simply restricted to knowing 
from which FI it may have been transferred. 


— The information should be substantive and establish a provenance or 
reason for being acquired 


— [note: Detail / granularity based on risk] 


Source: FATF Guidance on Politically Exposed Persons, Para. 86-88 
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Where does SOW requirement arise 


AMLO — Section 10 of Schedule 2 


Special requirements when customer is politically exposed person 


(1) Ifa financial institution knows, from publicly known information or information in its possession, that a 


customer or a beneficial owner of a customer is a politically exposed person, it must, before establishing a 

business relationship with the customer— 

(a) obtain approval from its senior management: and 

(b) take reasonable measures to establish the customer’ s or beneficial owner’ s source of wealth and the 
source of the funds that will be involved in the proposed business relationship. 

If a financial institution comes to know, from publicly known information or information in its possession, 

that an existing customer or a beneficial owner of an existing customer is a politically exposed person or 

has become a politically exposed person, it must not continue its business relationship with the customer 

unless it— 

(a) has obtained approval from its senior management; and 

(b) has taken reasonable measures to establish the customer’ s or beneficial owner’ s source of wealth 
and the source of the funds that are involved in the business relationship. 
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Where does SOW requirement arise 


e AML Guideline 4.13.11 


s.5(3)(b) & s.10, 
Sch. 2 


4.13.11 


When FIs know that a particular customer or beneficial owner is a 
PEP, it should, before (i) establishing a business relationship or 
(ii) continuing an existing business relationship where the 
customer or the beneficial owner is subsequently found to be a 
PEP, apply all the following EDD measures: 


(a) obtaining approval from its senior management; 

(b) taking reasonable measures to establish the customer’s or the 
beneficial owner’s source of wealth and the source of the 
funds; and 

(c) applying enhanced monitoring to the relationship in 
accordance with the assessed risks. 





a KOC eran AUTANET 
What does “reasonable measures” mean? 


e Appropriate measures which are commensurate with the 
money laundering or terrorist financing risks 


FATF Recommendations — Glossary, Page 120 
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Where does SOW requirement arise 


e AMLO — Section 15 of Schedule 2 


13; 


Special requirements in other high risk situations 


A financial institution must, in a situation specified by the relevant authority in a notice in writing given to the 
financial institution and in any other situation that by its nature may present a high risk of money laundering or 
terrorist financing— 

(a) where a business relationship is to be established— 


(b) 


(c) 


(i) 
(ii) 
(A) 


(B) 


obtain approval from its senior management to establish the business relationship: and 
either— 


take reasonable measures to establish the relevant customer’ s or beneficial owner’ s source of 


wealth and the source of the funds that will be involved in the business relationship: or 
take additional measures to mitigate the risk of money laundering or terrorist financing involved: 


where a business relationship has been established— 


(i) 
(ii) 


Gii) 
(A) 
(B) 


obtain approval from its senior management to continue the business relationship: 

if there is a beneficial owner in relation to the relevant customer, take reasonable measures to 
verify the beneficial owner’ s identity so that the financial institution is satisfied that it knows 
who the beneficial owner is; and 

either— 

take reasonable measures to establish the relevant customer’ s or beneficial owner’ s source of 
wealth and the source of the funds that are involved in the business relationship: or 

take additional measures to mitigate the risk of money laundering or terrorist financing involved; 
or 


where an occasional transaction is to be carried out, take additional measures to mitigate the risk of 
money laundering or terrorist financing involved. 
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=o rey as AUTHORITY 
Where does SOW requirement arise 


e AML Guideline 4.11.1 


4.11 High-risk situations 

s.15, Sch. 2 4.11.1 Section 15 of Schedule 2 specifies that an FI must, in any 
situation that by its nature presents a higher risk of ML/TF, take 
additional measures to mitigate the risk of ML/TF. 


Additional measures? or EDD should be taken to mitigate the 
ML/TF risk involved, which for illustration purposes, may 
include: 


(a) obtaining additional information on the customer (e.g. 
connected parties**, accounts or relationships) and updating 
more regularly the customer profile including the 
identification data; 

(b) obtaining additional information on the intended nature of the 
business relationship (e.g. anticipated account activity), the 
source of wealth and source of funds; 

(c) obtaining the approval of senior management to commence or 
continue the relationship; and 
conducting enhanced monitoring of the business relationship, 
by increasing the number and timing of the controls applied 
and selecting patterns of transactions that need further 
examination. 


For avoidance of doubt, all high-risk customers should be subject 
to a minimum annual review with reference to paragraph 4.7.13. 
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Where does SOW requirement arise 


e AML Guideline 12.5 


Due dilig 


ence 


process for 


private banking 
Als should exercise a greater degree of diligence throughout a 
private banking relationship, beyond the standard requirements 
expected for normal retail banking purposes as set out in Chapter 
4. Als should obtain comprehensive customer profile information 
for each of their private banking customers, including: 


(a) 
(b) 
(c) 
(d) 


(e) 
(f) 


purpose and reasons for opening the account; 

business or employment background; 

estimated net worth; 

source of wealth (where possible and appropriate, 
corroboration of major economic activities that gave rise to 
the wealth); 

family background, e.g. information on spouse, and where 
appropriate (e.g. in the case of inherited wealth), parents; 
source of funds (i.e. description of the origin and the means 
of transfer for monies that are acceptable for the account 
opening); 

anticipated account activity including nature and level of 
business and transactions; and 

references (e.g. introduced by whom and when and the length 
of relationship) or other sources to corroborate reputation 
information where available. 


The AI should be satisfied that a customer’s use of complex 
business structures and/or the use of trust and private investment 
vehicles, has a genuine and legitimate purpose. 


All the above information relating to the private banking customer 
should be properly documented in the customer file. 
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a KOC eran AUTANET 
Summary: Where does SOW requirement arise 


e AML Guideline references: 
— 4.6.2 Purpose and intended nature of business relationship 
— 4.11 Additional measures or EDD on high-risk situations 


— 4,13.10b Specific risk factors to consider in handling 
relationship with a PEP 


— 4.13.11 EDD measures on PEP 
— 4.13.12 Reasonable measures to establish SOW 
— 12.5 Due diligence process for private banking 
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SOW is part of EDD 


e SOW requirement arises where Als need to do more 

— Part of EDD requirements 

— Part of due diligence for private banking, where expectations are higher 
Risk-based concept: ‘Reasonable Measures’ = Al decides detail / 
granularity 
What are the considerations; how to obtain SOW? 

— How much wealth - information 

— How wealth was acquired - information 

— Extent of validation / corroboration 


May be established thro’ a combination of sources, provided by 
customer, documents or other 


— Evidence of title, Copies of trust deeds, Audited documents (detailing 
dividends) 


— Documents confirming salary, Tax returns, Bank Statements 
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Obtain “information” on net worth 


e Some indication as to customers’ total net worth 
should be obtained 


e Exact figures not required and impractical 


— inexact sum or figure expected 


— Income, especially where generated from investment, also 
likely to be inaccurate 
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Obtain “information” on where that net worth 
came from 


e Having obtained the ‘figure’, information needs to be 
obtained on where it came from; inheritance, employment, 
business, investment etc. 

— For corporate/legal entities this is normally the income generated 
from commercial activity 

e Generally, no single source will account for total net worth 

— But categories are few and generally well understood and identified by 
industry 

— Often difficult to pull apart the different sources, and no expectation 
to do so 

e What level of detail constitutes reasonable measures is risk- 
based 
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On a risk-sensitive basis verify the information 


e Once the Al has information on how the wealth was generated and a 
description of it, Al must consider the validity — is it true? 
e Not necessary to find evidence to corroborate every source or to verify 
their net worth (which is most likely impossible) 
e Subject to the level of risk most Als seek to find some evidence from a 
reliable, independent source that corroborates the gist of the story 
— Normally a focus on the sources that generated the majority portion of the wealth 
— Difficult to pull apart; generally, no single source will account for total net worth 
e Examples: 
— Reputable sources on the internet 
— Confirmation from professionals with knowledge of the customer (accountants etc) 
e Guidance should be provided to staff, particularly where corroboration 
might be required 
— Must reflect risk-based principle 
— Resolving red flags 


( Ay b l HONG KONG MONETARY AUTHORITY 
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Level of corroboration increases with risk 


Copies of Trust Deeds, 
audited accounts 
Reliable, Independent 3°? 
Party information (e.g. 
Accountant) 


RISK = CORROBORATION 


Public Information, Open 
Sources 
& 
Official documents provided 
by Customer 
18 
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How far to go? 


e Expectation is reasonable measures — risk-based 


— such an approach can meet both the letter and spirit of the 
requirement 


e Risk should be the primary, not secondary consideration 


— Some Als processes are driven by practical matters of difficulty 
and lack a consistent approach 


e Not expected to know or verify all 


— Attempting to answer what may be impossible questions on 
SOW not required 


— Some Als try to collect detailed information from years ago 
regarding salary or investments: very difficult and not required 
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Record Keeping 


e Requirement is to obtain/ collect and record 


e Records maintained should enable an independent reviewer 
(whether internal or external to the Al) to understand the 
SOW on the basis of the information recorded 


e How a summary is presented is important, assessment, 
rationale for assessment, justification 


a KOC eran AUTANET 
Examples - Poor Practice 


e SOW requirements, particularly around verification, are not 
sufficiently risk-based 


— applying the same measures to customers of varying risks 
— collecting too little or too much information 


e Always accepting a customer’s explanation for SOW at face 
value 


— do not probe further, even where multiple red flags are raised 
e Over-reliance on undocumented information 


e Not distinguish between a customer’s source of funds and 
their source of wealth 


— this can be because of poorly designed forms or software or 
procedures which offer no real guidance to staff 
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Examples - Good Practice 


e Establish and document the source of wealth for high risk 
business relationships 


e Effective escalation and advisory procedures 
e Able to provide evidence that relevant SOW information is 


challenged (where appropriate) during the CDD process 
— there will be odd cases where compliance requires more objective 
information 
e Proactively follow up gaps in, and updates, SOW 
information for higher risk relationship during the course of 
the relationship 
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Examples - Good Practice 


e Have clear risk-based policies and procedures 
— e.g. setting out the EDD required for higher risk and PEP customers, 
particularly on SOW 
e Demonstrate risk-based approach, but on occasions do 
more on validation and corroboration, and from time to time 
there is evidence of challenge 
— easy for regulator to see system works and that component parts 
discharge roles 
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